The original fifty controls were introduced and explained in Volume 1 of both the 2017 and 2018 TAG Cyber Security Annual, along with cross-reference listings of world-class cyber security vendors supporting each control. Readers are advised to take some time to review those volumes to build familiarity with the TAG Cyber approach.
For this year’s work, we have decided to update, rename, and enhance several of the original TAG Cyber controls as follows:
• The Perimeter Controls category was renamed Enterprise Controls
• Deception was added to the IDPS control
• UEBA was combined with DLP into a common control category
• CASB was added to the Cloud Security control
• DMARC was added to the Email Security control
• The Infrastructure Security control was renamed BGP/DNS/SDN Security
• Sending was added to the Secure File Sharing control
• The Two-Factor Authentication control was changed to Multi-Factor Authentication
• The Brand Protection control was changed to Digital Risk Management
• Risk was added to the GRC Platform control
• Simulation was added to the Penetration Testing control
• SOC Hunt was added to the Security Analytics control
• Identity Systems was added to the IAM control
• The PCI/DSS Compliance control was changed to Compliance Support
• The Security Recruiting control was changed to Security Career Support
The purpose of this new volume is to provide an updated industry and enterprise perspective on each of the updated controls as we enter 2019. But this year, we are doing things a bit differently than in the past. First, we have shortened the treatment here – at the request of so many of our readers. We are grateful that our constituents are happy with our messaging, but fully acknowledge that perhaps thousands of pages of writing is a bit much. We hear you.
So, this Volume 1 is shorter and more to the point than previous efforts – and we justify this as follows: First, we believe that our Volume 1 works in 2017 and 2018 still stand as correct and relevant to the modern enterprise (although some of the earlier vendor references are out of date). Second, we plan to issue in 2019 a series of more extensive versions of these fifty chapters as longer separate reports. (You didn’t think we’d avoid the Big Words, did you?)
The sections below thus follow directly from the new, updated periodic table of controls for 2019. Each section briefly introduces the associated control, and offers a summary outlook based on our current views of the industry. This guide can be read stand-alone, or can be used as a companion document to the original TAG Cyber Security Annuals in 2017 and 2018. We hope it is useful for you.
It is worth mentioning that reading a TAG Cyber Trending chart requires a bit of effort, but we offer guidance to the reader in each section below. We have tried to include several dimensions on the same visual – so it is valid to criticize the charts as being somewhat busy. Nevertheless, we stuck with the approach, and we welcome any suggestions for improving it in future versions of this TAG Cyber Security Annual.
The full volume covering all 50 controls can be found here.